Mastodon Feed: Posts

Mastodon Feed

baldur@toot.cafe ("Baldur Bjarnason") wrote:

I keep coming back to the leaded petrol analogy for LLMs and coding

Harms that are manageable when it's only used by a small number of experts become catastrophic pollution when it's used broadly throughout society

If LLMs were only used by a small number of experienced devs working with well-engineered guardrails, we'd have less of a problem

But once they start getting more commonly used, they start to pollute the entire ecosystem and the only way forward is stiff regulation for everybody

Boosted by aredridel@kolektiva.social ("Mx. Aria Stewart"):
quinn@social.circl.lu ("Quinn Norton") wrote:

RE: https://mastodon.social/@zackwhittaker/116323734408381625

My trans homies, remember that your stealth roll is nerfed today, but you can use hit dice to restore more HP than usual 🙌

pzmyers@freethought.online ("pzmyers 🕷") wrote:

I'm happy to see one state is bold enough to tax the rich.

https://freethoughtblogs.com/pharyngula/2026/03/31/all-millionaires-are-welcome-to-leave-grandmother-mountains-domain/

The mountain I saw outside my house every morning

baldur@toot.cafe ("Baldur Bjarnason") wrote:

So, still digesting the argument of this article and haven't quite made up my mind about it.

But the fact that various forms of self-aware reasoning towards problem-solving exist across the animal kingdom that don't seem to be a direct function of neural network size would seem to indicate that there is some other mechanism at play than network size (which has been the core operating thesis of "AI")

"Studies on animal minds suggest consciousness is not computation"

https://iai.tv/articles/studies-on-animal-minds-suggest-consciousness-is-not-computation-auid-3535?%5Fauid=2020

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
zachleat@zachleat.com ("Zach Leatherman") wrote:

It needs to be known that @cloudfour are some of the best folks in the business and now is your chance to learn first-hand: https://cloudfour.com/thinks/more-projects-please/

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

Also you're not going to have much luck bringing ethics to an economics fight. (God I wish that were easier to bring, but you have to bring _regulation_ to an economics fight if you want to embed ethics.)

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
davidgerard@circumstances.run ("David Gerard") wrote:

the precise timeline of how OpenAI fucked over the RAM market

> October 2025: Sam Altman flies to Seoul and signs simultaneous deals with Samsung and SK Hynix for 900,000 DRAM wafers per month. That's 40% of global supply. Neither company knew the other was signing a near-identical commitment at the same time.

https://xcancel.com/aakashgupta/status/2038813799856374135

Boosted by jsonstein@masto.deoan.org ("Jeff Sonstein"):
BleepingComputer@infosec.exchange wrote:

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems.

https://www.bleepingcomputer.com/news/security/hackers-compromise-axios-npm-package-to-drop-cross-platform-malware/

fromjason ("fromjason.xyz ❤️ 💻 ✍️ 🥐 🇵🇷") wrote:

So Trump's ballroom is actually a military bunker underneath.

Why. Are. Rich. People. Building. Bunkers.

pzmyers@freethought.online ("pzmyers 🕷") wrote:

The "future of education" is blindingly tasteless and vapid.

https://freethoughtblogs.com/pharyngula/2026/03/31/the-future-of-education/

A fake website selling the "future of education"

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

A lotta y'all gotta learn the difference between _LLM Use_ and _slop generation_.

You can make slop by hand like the old days and it's still slop. You can use an LLM with good engineering practices as guardrails and end up without slop.

(If it's creative work without engineering guardrails though, it's almost certainly slop.)

db@social.lol ("David Bushell 🪿") wrote:

excited to try this but disappointed that my paid Proton subscription gets zero benefits (unless i pay more)

https://proton.me/business/blog/introducing-proton-meet

Boosted by aredridel@kolektiva.social ("Mx. Aria Stewart"):
ngaylinn@tech.lgbt ("Nate Gaylinn") wrote:

Sigh. I just discovered an experiment very similar to what I've been designing over the last several weeks.

This has to be one of the most difficult and discouraging parts of science.

I don't feel as "scooped" as I used to when this happens. I've come to realize that I almost always have something else to add, so this is generally a sign to pivot rather than give up.

But I did waste effort researching what this paper clearly explains, and now I have to stop and rethink everything I'm doing, and maybe even start over from scratch on some things. Frustrating!

What bothers me most about this is how accidental it all is. The scientific literature is barely organized. I find things because someone points them out, or because I have the right magic keywords. Both of those methods are painfully unreliable, and I often find things much later than I'd like.

There's gotta be a better way.

#academicchatter

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
PavelASamsonov ("Pavel A. Samsonov") wrote:

The main problem with checking AI outputs is that you need to have an idea of what you actually wanted it to do, and most people use AI as a substitute for having to figure that out.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

And with that, with https://spicelabs.io/ (my employer), I can quickly check and see if it's present anywhere in our builds. It's not there.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

The actual compromise file in plain-crypto-js is SHA1 b0e0f12f1be57dc67fa375e860cedd19553c464d

This is the one that will be on-disk in a node_modules directory.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

Looks like Socket has a copy, now to figure out how to download it.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

I really wish that the npmjs security team published the complete list of file hashes of a compromised package in their stub package page that they use when they remove something.

The way we hide compromises so fast when we respond actually makes responding harder.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

I know the plain-crypto-js package's overall SHA1 hash is 07d889e2dadce6f3910dcbc253317d28ca61c766, but that's not actually a thing you'd find on disk in a node_modules directory.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

Anyone have the hashes of the files in the compromised axios and particularly the malicious dependency?

db@social.lol ("David Bushell 🪿") wrote:

seriously, what was i doing before CSS Subgrid, bashing rocks together? once you see a subgrid they're everywhere

Boosted by aredridel@kolektiva.social ("Mx. Aria Stewart"):
cowperthwait@sfba.social ("Jonathan E Cowperthwait") wrote:

npmjs Twitter account to reply, “What can npmjs security team do for you today? Also ✨ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.”

jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:

ugh, I'm guessing somebody screwed the pooch

https://www.nytimes.com/2026/03/29/world/middleeast/us-precision-strike-missile-iran-lamerd.html?rsrc=flt&unlocked%5Farticle%5Fcode=1.XVA.Z0pK.8Z03c2-DjJb7&smid=url-share

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
mhoye@cosocial.ca wrote:

Baffling morning scroll as axios the publication and axios the npm package are both getting attention for being bad at their jobs.

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
jasongorman@mastodon.cloud ("Jason Gorman") wrote:

I'm pretty satisfied at this point that the true extent of "AI" use in software development has been massively exaggerated.

Sure, lots of devs are using LLMs. But there seems to be very little advanced use. It's mostly chat window stuff and occasional inline completion, to keep the boss happy.

It is, however, a massive distraction.

dysfun@treehouse.systems ("gaytabase") wrote:

3 days into quitting smoking and i still don't feel healthier.

send praise.

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
mmby wrote:

@lettosprey @soatok even with intact public health services in Europe, people don't get tested regularly because there is social stigma attached - I actually had my doc try to argue me out of it once, asking why I wanted to do that

if people are carried by momentum and the opportunity to be safer is *right there*, it's just great community service

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
afewbugs@social.coop ("Jules she/her") wrote:

RE: https://furry.engineer/@soatok/116321104173678252

Apparently some furry conventions offer STI testing and people are making judgemental memes about it. Whereas as anyone who has ever attended or worse had to arrange a scientific conference will tell you this is something every conference should be offering.

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
wronglang@bayes.club ("Krzysztof Sakrejda") wrote:

@soatok I see we're moving on from forgetting makes and into forgetting the 1990s

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
mees@sunny.garden ("Mees 🔻") wrote:

@tiefling @soatok @hazelnoot you'd have to trust not just them, but also their former partners, and their former partners, etc. That's a lot to ask.